1. Field of the Invention
The present invention relates to wireless communication systems, and more particularly, to a wireless communication system for authenticating a right to access a network by using a certificate that serves to authorize a terminal to access a network (hereinafter simply referred to as a “certificate of privilege”). The invention also pertains to a terminal used in the above-described system, a processing method for use in the terminal, and a program for allowing a computer (terminal) to execute the processing method. Particularly, the present invention is effective in a wireless network in which all the wireless terminals forming the network send management information, for example, beacons.
2. Description of the Related Art
When connecting terminals to a network in a typical wireless communication system, a network administrator manually sets a unique identifier (for example, an Extended Service Set Identifier (ESSID)) in an access point, and a user of the access point sets the same identifier in the user's wireless terminal. In this manner, the terminals forming a network can be associated with the network. Accordingly, even in an environment of an infrastructure mode in which a plurality of networks are present, a desired access point can be uniquely identified.
Even in an infrastructure mode without specific access points, a network administrator determines a unique identifier, and then the network administrator or the users manually set the identifier in the corresponding terminals. This enables each terminal to determine whether the other terminals belong to the same network. Japanese Unexamined Patent Application Publication No. 2002-198971 (FIG. 4) discloses the following system using an identifier. In this system, an identifier different from an ESSID is defined and is set when terminals are shipped. Alternatively, the identifier is set in such a way that the user can rewrite it. If the identifier sent together with a connection request from another terminal coincides with the terminal's own identifier, the requesting terminal is allowed to connect to the network. If not, the connection request is rejected.
In the above-described system, the identifier determined for each network is manually set in each terminal, or the identifier is set when the terminals are shipped. It is troublesome, however, for the user to manually set the identifier, and the user may make an error when setting it. Even if the identifier is set in advance, it may have to be changed due to a change in the network structure, thereby increasing the burden on the user.
Additionally, if all the terminals having the same identifier are allowed to access a network under the same condition, they can also access files which should not be unconditionally made open, thereby causing security problems. Thus, the management of access rights must also be considered in terms of security.
Access rights can be managed by using certificates of privilege, for example, attribute certificates. In this case, however, a verification process using a public key of a certificate issuer is required. Accordingly, it is not practical to exchange certificates of privilege through a routine operation by, for example, sending and receiving beacons.